package org.sbbs.cfg;

import org.sbbs.base.jpa.dao.ExpandRepoFactoryBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.data.jpa.repository.config.EnableJpaRepositories;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;

@EnableJpaRepositories(basePackages = "org.sbbs", repositoryFactoryBeanClass = ExpandRepoFactoryBean.class)
@Configuration
public class WebConfig implements WebMvcConfigurer {

    private final SbbsTenantIdInterceptor tenantIdInterceptor;

//    @Primary
    public WebConfig(SbbsTenantIdInterceptor tenantIdInterceptor) {
        this.tenantIdInterceptor = tenantIdInterceptor;
    }

    @Override
    public void addInterceptors(InterceptorRegistry registry) {
        registry.addInterceptor(tenantIdInterceptor);
        WebMvcConfigurer.super.addInterceptors(registry);
    }

    @Bean
    public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
        http.authorizeHttpRequests((authorizeRequests) -> authorizeRequests //
//            .requestMatchers(new AntPathRequestMatcher("/people/**","POST"))
                .anyRequest().permitAll()).csrf().disable();
        return http.build();
//        return http.authorizeHttpRequests(authorizeRequests -> authorizeRequests.anyRequest().permitAll()
//                ).csrf().disable() // 根据需要禁用CSRF保护
//                .build();
    }
}
